LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 07-01-2003, 06:13 PM   #1
tarballed
Member
 
Registered: Jun 2002
Distribution: RH, FC, FreeBSD,OpenBSD
Posts: 326

Rep: Reputation: 30
Arrow The use of the 'root' account...


Hello everyone.

I wanted to start a thread about the use of the root account. Reason being is that I had some questions that I wanted to get some feedback on about the proper use of the root account.

One thing I'm currently in the habit of is using the root account for a lot of the work I do. I am doing mostly, if not all, admin work on all of our servers. I understand that root is a very sensitive account. But, what would you recommend as guidelines for use of the root account?

I mean, at this time, we currently have only one office (soon to change though) with all of our servers internal. Even though everything is internal, I would still like to find out some proper usage/guidelines, thoughts etc to make sure im not abusing the root account. (meaning, is it bad to consistenly use the root account for daily admin duties.)

I'm looking forward to hearing some responses and recommendations.

Thanks everyone.

Tarballed
 
Old 07-01-2003, 06:19 PM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
My first recommendation would be to install and configure sudo. That lets you execute single commands with root privilages, without actually logging in as that account. Make sure you only grant the sudo privilages that you will actually need, not ALL ALL:ALL. This is a very handy tool if you have to grant an admin very limited access to change a few things, but you don't want them to have full control over the box.
 
Old 07-01-2003, 06:46 PM   #3
hexbit
Member
 
Registered: Jun 2003
Location: Dallas, Tx
Distribution: Slackware
Posts: 65

Rep: Reputation: 15
Speaking of sudo, here's an excellent
tutorial on it : http://krnlpanic.com/tutorials/sudo.php
 
Old 07-02-2003, 07:56 AM   #4
Noryungi
Member
 
Registered: Jul 2003
Location: --> X <-- You are here.
Distribution: Slackware
Posts: 262

Rep: Reputation: 30
Here are two tutorials, that were pretty good, from O'Reilly:

http://www.onlamp.com/pub/a/bsd/2002...y_Daemons.html
http://www.onlamp.com/pub/a/bsd/2002...y_Daemons.html

And, yes, if you are admin, sudo is your friend!
 
Old 07-02-2003, 08:07 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,790
Blog Entries: 54

Rep: Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979Reputation: 2979
Whether delegating tasks tru sudo works or not, make sure you deny remote access to the account, fixate file attributes (chattr), limit the time spent and limit the "freedom" of movement during interactive logins, like exporting sane environment variables, checking $TMP/dir/file ownage, minimize using SXid tools, tools shared with "human" users or outside root's trusted $PATH and not using recreational utilities or games.

For the rest it's IMO just using common sense, like for instance you don't need root privileges to build (rpm) packages, and plain vigilance like enforcing regular audits (integrity, system, network), log(in) checks etc etc.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I retain the PATH in the root account even when I switch to root using su? thearchitect Linux - Newbie 1 08-13-2005 01:02 AM
Can't get root account ssimontis Ubuntu 6 07-05-2005 08:07 PM
Help with root account... thmonkey Linux - Newbie 3 04-05-2005 09:51 PM
Using root account mfo6463 Linux - Newbie 12 03-28-2004 12:41 AM
Root Account???????? Silverado2000 Linux - General 5 02-01-2002 01:55 PM


All times are GMT -5. The time now is 08:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration